AI description
CVE-2023-44221 is a command injection vulnerability found in the SMA100 SSL-VPN management interface. It allows a remote, authenticated attacker with administrative privileges to inject arbitrary commands. These commands are executed as the "nobody" user, potentially leading to OS command injection. This vulnerability exists due to improper neutralization of special elements within the SMA100 SSL-VPN management interface. It is often exploited in conjunction with other vulnerabilities, such as CVE-2024-38475, to bypass authentication and gain administrative control over affected systems.
- Description: Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
- Source: PSIRT@sonicwall.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.2
- Impact score: 5.9
- Exploitability score: 1.2
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: SonicWall SMA100 Appliances OS Command Injection Vulnerability
- Exploit added on: May 1, 2025
- Exploit action due: May 22, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 42
🗞️ SonicWall SMA Devices Under Attack: Critical Flaws Actively Exploited SonicWall confirms active exploitation of CVE-2023-44221 and CVE-2024-38475 in SMA100 devices, enabling file access and session hijacking. Admins are urged to patch immediately to prevent remote code h
@gossy_84
2 May 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attacks against SonicWall SMA 100 series SSL-VPNs reported! SonicWall has updated its security advisories for CVE-2023-44221 and CVE-2024-38475, and CISA has added both CVEs to the KEV catalog, indicating active exploitation. https://t.co/UV8hj1ol9u
@cert_ist
2 May 2025
86 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA updates its Known Exploited Vulnerabilities Catalog with CVE-2024-38475 in Apache HTTP Server and CVE-2023-44221 in SonicWall SMA100 devices. Urgent patches are essential to prevent unauthorized access! ⚠️🔒 #CVE2024 #CyberThreat link: https://t.co/6LzRYakOG4 https://
@TweetThreatNews
2 May 2025
82 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#Attackers exploited old flaws to breach #SonicWall SMA appliances (#CVE-2024-38475, CVE-2023-44221) https://t.co/NRBg1XCzUK
@ScyScan
2 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 UPDATE - A public PoC exploit is now available for a serious SonicWall SMA exploit chain. ➡️ CVE-2024-38475: Apache HTTP Server flaw used to bypass auth ➡️ CVE-2023-44221: Post-auth command injection via Diagnostics menu CISA has added both to the KEV catalog — f
@TheHackersNews
2 May 2025
12385 Impressions
36 Retweets
87 Likes
17 Bookmarks
2 Replies
1 Quote
Our client base has been feeding us rumours about in-the-wild exploited SonicWall SMA n-days (CVE-2023-44221, CVE-2024-38475) for a while... Given these are now CISA KEV, enjoy our now public analysis and reproduction :-) https://t.co/W3zR5YRifJ
@watchtowrcyber
1 May 2025
16630 Impressions
38 Retweets
104 Likes
27 Bookmarks
2 Replies
3 Quotes
⚠️NSOC Alert ⚠️CVE-2023-44221 (CVSS 7.2) & CVE-2024-38475 (CVSS 9.8) are actively exploited in SMA100 appliances, upgrade to firmware ≥ 10.2.1.14-75sv, restrict SSL-VPN management to trusted IPs, enforce MFA for admins, segment VPN gateways, and review access logs
@cirtgovjm
1 May 2025
154 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-44221 #SonicWall SMA100 Appliances OS Command Injection Vulnerability https://t.co/LEk5eBKp1m
@ScyScan
1 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall has reported that vulnerabilities CVE-2023-44221 and CVE-2024-38475 in its Secure Mobile Access (SMA) appliances are being actively exploited. https://t.co/G1uxQWef4V
@securityRSS
1 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️SonicWall VPN Flaws Under Active Attack SonicWall warns SMA100 bugs CVE-2023-44221 & CVE-2024-38475 are exploited in the wild—enabling RCE & session hijacking. Patch to 10.2.1.14-75sv ASAP. CVE-2021-20035 also being hit. https://t.co/WPUJYfAETp #CyberSecurity
@dCypherIO
1 May 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall warns several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited. SonicWall updated advisories for the CVE-2023-44221 and CVE-2024-38475 flaws as "potentially being exploited in the wild. https://t.co/h4pBYZjxJj https://
@riskigy
1 May 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two new KEVs on KEVIntel this morning - CVE-2024-38475 (Apache Software Foundation) - CVE-2023-44221 (SonicWall) https://t.co/W3lvSheb1i
@ethicalhack3r
1 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
SonicWall reports active exploitation of vulnerabilities CVE-2023-44221 and CVE-2024-38475 in SMA100 appliances, risking command injection and unauthorized file access. Immediate system updates needed. 🚨 #SonicWall #NetworkSecurity #USA link: https://t.co/J5E82aAaP6 https://t
@TweetThreatNews
1 May 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 SonicWall confirmed active exploitation of two patched security vulnerabilities in SMA100 Secure Mobile Access appliances. The two vulnerabilities, CVE-2023-44221, allowed remote attackers with administrative privileges to
@Cybercachear
1 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall Confirms Active Exploitation of SMA 100 Vulnerabilities - Urges Immediate Patching SonicWall warns of active attacks on SMA 100 devices via CVE-2023-44221 and CVE-2024-38475. Users urged to update firmware immediately. https://t.co/uFte5hi0UP
@the_yellow_fall
1 May 2025
216 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SonicWall warns of actively exploited vulnerabilities in its Secure Mobile Access appliances. Advisories for CVE-2023-44221 and CVE-2024-38475 were updated, affecting several devices patched in firmware 10.2.1.14-75sv. #Security https://t.co/wwJ4MNmZbX
@Strivehawk
30 Apr 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SonicWall warns of high-severity vulnerabilities in SMA100 VPNs now being exploited! CVE-2023-44221 enables command injection, while CVE-2024-38475 allows remote code execution. #SonicWall #VulnerabilityAlert #USA link: https://t.co/KJnh0UEHV1 https://t.co/e1WXY5JPPa
@TweetThreatNews
30 Apr 2025
14 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_200_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4674E718-3642-4042-82DE-49B845CF2DC6",
"versionEndIncluding": "10.2.1.9-57sv"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0B190266-AD6F-401B-9B2E-061CDD539236"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_210_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5990A44B-DD34-4B32-B233-9062902EBE9A",
"versionEndIncluding": "10.2.1.9-57sv"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_210:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "51587338-4A5F-41FC-9497-743F061947C2"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_400_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C82E099E-AAE1-4BD3-B0C0-38326201586C",
"versionEndIncluding": "10.2.1.9-57sv"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_400:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9D728332-10C9-4508-B720-569D44E99543"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_410_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E422E9C1-597B-468F-A634-23C54C1F7C74",
"versionEndIncluding": "10.2.1.9-57sv"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_410:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9DFB8FBC-FFA4-4526-B306-D5692A43DC9E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonicwall:sma_500v_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B70F00FF-A14D-40F3-9381-817542DE6A7D",
"versionEndIncluding": "10.2.1.9-57sv"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonicwall:sma_500v:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A6AD8A33-7CE4-4C66-9E23-F0C9C9638770"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]